Introduction to RISC Zero zkVM
RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. The RISC Zero zkVM enables you to build applications that produce cryptographic proofs of correct execution.What is zero-knowledge proof?
A zero knowledge proof allows one party (the prover) to convince another party (the verifier) that something is true without revealing all the details. In the case of RISC Zero, the prover can show that they correctly executed some code (known to both parties), while only revealing to the verifier the output of the code, not any of its inputs or any state during execution.How it works
The code runs in a special virtual machine, called a zkVM. The RISC Zero zkVM emulates a small RISC-V computer, allowing it to run arbitrary code in any language, so long as a compiler toolchain exists that targets RISC-V. Currently, SDK support exists for Rust, C, and C++.Installation
Install the RISC Zero toolchain and get started
Quick start
Build your first zkVM application in minutes
API Reference
Browse the complete Rust API documentation
Examples
Explore example projects and use cases
Key concepts
Method
A method is the code that runs inside the zkVM. It’s represented by a RISC-V ELF file compiled from Rust, C, or C++ source code.Guest and host
The logical RISC-V machine running inside the zkVM is called the guest, and the prover running the zkVM is called the host. The guest and the host can communicate with each other during execution, but the host cannot modify the execution of the guest in any way, or the proof being generated will be invalid.Journal
During execution, the guest code can write to a special append-only log called the journal, which represents the official output of the computation.Receipt
Presuming the method terminated correctly, a receipt is produced, which provides the proof of correct execution. This receipt consists of 2 parts:- The journal written during execution
- A blob of opaque cryptographic data called the seal
Image ID
For a given method, you can compute its image ID, which is a special type of cryptographic hash of the ELF file. The image ID is required for verification and ensures that the receipt was generated by executing the exact method you expect.Security
RISC Zero implements a three-layer recursive proof system based on the well-studied zk-STARK protocol and Groth16 protocol. With default parameters, this system achieves:- Perfect zero-knowledgeness
- 98 bits of conjectured security
For more details on the underlying cryptographic assumptions, see the Security Model documentation and the proof system whitepaper.
Use cases
Writing an application for the RISC Zero zkVM is the easiest way for software developers to produce zero-knowledge proofs. Whether you’re building for blockchains or not, RISC Zero offers the most flexible and mature ecosystem for developing applications that involve ZKPs. You can run the zkVM locally and your secrets will never leave your own machine, or you can upload your program and inputs to Bonsai for remote proving.Next steps
Install the toolchain
Follow the installation guide to set up RISC Zero on your system.
Run the quick start
Build your first zkVM application with the quick start guide.
Explore examples
Check out the example projects to learn more.